A flaw was found in the way Samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which would otherwise be unavailable to the attacker. (CVE-2020-14318)
A null pointer dereference flaw was found in Samba's winbind service. This flaw allows a local user to crash the winbind service, causing a denial of service. The highest threat from this vulnerability is to system availability. (CVE-2020-14323)
A flaw was found in the Microsoft Windows Netlogon Remote Protocol (MS-NRPC), which reuses a known, static, all-zero initialization vector (IV) in AES-CFB8 mode. Because the IV is fixed and the client chooses the challenge, an unauthenticated attacker on the network can, with a small number of attempts, pass the Netlogon authentication handshake as any domain-joined computer account, including a domain controller's, and from there potentially obtain domain administrator privileges. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability. (CVE-2020-1472)
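The CVE-2020-1472 description above is easiest to see at the mode level: in CFB8 every plaintext byte is XORed with the first byte of the block cipher applied to a 16-byte shift register that starts as the IV. With an all-zero IV and an all-zero client challenge, if the first keystream byte happens to be 0x00 the register never changes and every output byte is 0x00, which happens for roughly one session key in 256. The script below is an added example written for this page, not code from Microsoft, Samba or the advisory. It uses real AES-128 through the `cryptography` package when that is installed and otherwise falls back to an HMAC-SHA256 stand-in for the block function (an assumption made only so it runs offline; the argument depends solely on the first byte of E_k(0^16), so the behaviour is the same for any keyed function). Keys are derived deterministically from a label so the run is reproducible.

```python
"""
ZeroLogon (CVE-2020-1472) reduced to the mode level: AES-CFB8 with an
all-zero IV over an all-zero 8-byte client challenge.

Added example, not code from the page, Microsoft or Samba.
"""
from __future__ import annotations

import hashlib
import hmac

BLOCK = 16  # AES block size in bytes; CFB8 keeps a 16-byte shift register

try:
    from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

    def block_encrypt(key: bytes, block: bytes) -> bytes:
        """Real AES-128 applied to one block (ECB of a single block)."""
        enc = Cipher(algorithms.AES(key), modes.ECB()).encryptor()
        return enc.update(block) + enc.finalize()

    BACKEND = "aes-128"
except ImportError:  # assumption: stand-in so the demo runs without cryptography
    def block_encrypt(key: bytes, block: bytes) -> bytes:
        """Keyed stand-in for the block function: HMAC-SHA256 truncated to 16 bytes."""
        return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

    BACKEND = "hmac-sha256-stand-in"


def cfb8_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """CFB-8 as used by MS-NRPC: c[i] = p[i] XOR E_k(register)[0], then the
    register shifts left one byte and takes c[i] in at the end."""
    assert len(iv) == BLOCK
    register = bytearray(iv)
    out = bytearray()
    for p in plaintext:
        keystream_byte = block_encrypt(key, bytes(register))[0]
        c = p ^ keystream_byte
        out.append(c)
        register = register[1:] + bytes([c])
    return bytes(out)


def first_keystream_byte_is_zero(key: bytes) -> bool:
    """The whole ZeroLogon condition collapses to this single byte."""
    return block_encrypt(key, bytes(BLOCK))[0] == 0


def zerologon_trial(key: bytes, challenge_len: int = 8) -> bool:
    """True when zero IV + zero client challenge give an all-zero
    ClientCredential, i.e. an attacker who knows nothing about the session
    key still predicts the credential for this session."""
    ciphertext = cfb8_encrypt(key, bytes(BLOCK), bytes(challenge_len))
    return ciphertext == bytes(challenge_len)


def derive_key(label: str, i: int) -> bytes:
    """Deterministic 16-byte 'session key' for trial number i."""
    return hashlib.sha256(f"{label}:{i}".encode()).digest()[:16]


def success_rate(num_keys: int, label: str = "zerologon") -> tuple[int, int]:
    """How many of num_keys session keys let the zero challenge authenticate.
    Expected fraction is 1/256 regardless of the key."""
    hits = sum(1 for i in range(num_keys) if zerologon_trial(derive_key(label, i)))
    return hits, num_keys


if __name__ == "__main__":
    hits, n = success_rate(16384)
    print(f"backend={BACKEND}: {hits}/{n} keys accepted the all-zero challenge "
          f"(~1 in {n // max(hits, 1)}); theory says 1 in 256")
```

The practical reading: an attacker does not need the key, only enough attempts, and Netlogon had no lockout on failed `NetrServerAuthenticate3` calls, which is why the attack completes in seconds.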
Vulnerable Product |
---|
microsoft windows server 2008 r2 |
microsoft windows server 2012 r2 |
microsoft windows server 2016 |
microsoft windows server 2012 |
microsoft windows server 2019 |
microsoft windows server 2004 |
microsoft windows server 20h2 |
microsoft windows server 1903 |
microsoft windows server 1909 |
fedoraproject fedora 31 |
fedoraproject fedora 32 |
fedoraproject fedora 33 |
opensuse leap 15.1 |
opensuse leap 15.2 |
canonical ubuntu linux 16.04 |
canonical ubuntu linux 18.04 |
canonical ubuntu linux 14.04 |
canonical ubuntu linux 20.04 |
synology directory server |
samba samba |
debian debian linux 9.0 |
oracle zfs storage appliance kit 8.8 |
Threat Landscape Trends – Q3 2020
A look at the cyber security trends from the third quarter of 2020.
Posted: 18 Dec, 2020 | 3 Min Read | Threat Intelligence
We took a look through telemetry from our vast range of data sources and selected some of the trends that stood out from July, August, and September 2020. From significant increases in Emotet and Cobalt Strike activity to a spike in the number of server vulnerability exploit attempts, let...
Japan-Linked Organizations Targeted in Long-Running and Sophisticated Attack Campaign
Evidence that advanced persistent threat group Cicada is behind attack campaign targeting companies in 17 regions and multiple sectors.
Posted: 17 Nov, 2020 | 8 Min Read | Threat Intelligence
A large-scale attack campaign is targeting multiple Japanese companies, including subsidiaries located in as many as 17 regions around the globe in a likely intelligence-ga...
New Wave of Espionage Activity Targets Asian Governments
Governments and state-owned organizations are the latest targets of a well-established threat actor.
Posted: 13 Sep, 2022 | 12 Min Read | Threat Intelligence
A distinct group of espionage attackers who were formerly associated with the ShadowPad remote access Trojan (RAT) has adopted a new, diverse toolset to mount an ongoing campaign against a range of government and state-ow...
NoName ransomware gang deploying RansomHub malware in recent attacks
By Bill Toulas, September 10, 2024 06:35 AM
The NoName ransomware gang has been trying to build a reputation for more than three years targeting small and medium-sized businesses worldwide with its encryptors and may now be working as a RansomHub affiliate. The gang uses custom tools known as the Spacecolon malware family, and deploys them after gaining access to a network through brute-force methods as well as explo...
Graphican: Flea Uses New Backdoor in Attacks Targeting Foreign Ministries
Backdoor leverages Microsoft Graph API for C&C communication.
Posted: 21 Jun, 2023 | 6 Min Read | Threat Intelligence
The Flea (aka APT15, Nickel) advanced persistent threat (APT) group continued to focus on foreign ministries in a recent attack campaign that ran from late 2022 into early 2023 in which it leveraged a new backdoor called Backd...
RansomHub: New Ransomware has Origins in Older Knight
Emergent operation has grown quickly to become one of the most prolific ransomware threats.
Posted: 5 Jun, 2024 | 3 Min Read | Threat Intelligence
RansomHub, a new Ransomware-as-a-Service (RaaS) that has rapidly become one of the largest ransomware groups currently operating, is very likely an updated and rebranded version of the older Knight ransomware. Analysi...
Introduction
Knowledge is our best weapon in the fight against cybercrime. An understanding of how various gangs operate and what tools they use helps build competent defenses and investigate incidents. This report takes a close look at the history of the Cuba group, and their attack tactics, techniques and procedures. We hope this article will help you to stay one step ahead of threats like this one.
Cuba ransomware gang
Cuba data leak site
The group's offensives first got on our radar in lat...
Being slow to patch just means you'll get pwned faster
Attackers began scanning for vulnerabilities just five minutes after Microsoft announced there were four zero-days in Exchange Server, according to Palo Alto Networks. Malicious people seeking to exploit flaws in general were doing so within a quarter of an hour of details being released, the company's Cortex Xpanse research team said today. Although research director Rob Rachwald did not elaborate when The Register asked for more detail on its findings, a released report reckoned "scans began w...
These statistics are based on detection verdicts of Kaspersky products received from users who consented to provide statistical data. According to Kaspersky Security Network, in Q3:
- In Q3 2020, Kaspersky solutions blocked attempts to launch one or more types of malware designed to steal money from bank accounts on the computers of 146,761 users.
Officials go with randomly selected words with unintentionally hilarious results. Filthy Python, anyone?
US-CERT lists the 10 most-exploited security bugs and, yeah, it's mostly Microsoft holes people forgot to patch
Many memorable events get named, whether they're hurricanes, political events, or security incidents like the Morris Worm, which surfaced 32 years ago yesterday. But named security incidents recently have editorialized their own importance with fear-mongering monikers like Heartbleed (2014), Meltdown, Spectre, and Foreshadow (2018), and Fallout and ZombieLoad (2019). Not all do so. There have been less emotionally loaded bug names proposed, like CacheOut, CrossTalk, and RIDL, but name-amplified ...
'Unauthorized access to elections support systems' detected tho 'no evidence to date that integrity of elections data has been compromised'
Big US election coming up, security is vital and, oh look... a federal agency just got completely pwned for real
If you're wondering which bugs in particular miscreants are exploiting to break into, or attempt to break into, US government networks, wonder no more. And then make sure you've patched them. Uncle Sam's Dept of Homeland Security has this month identified at least six possible routes into the nation's computer systems, and the method used to gain total control over the machines once inside. Those six vulnerabilities are... ...plus CVE-2020-1472, aka ZeroLogon, in Microsoft Windows, which is expl...
Scan servers for signs of compromise and patch if you haven't already
As you're scrambling to patch the scary ZeroLogon hole in Windows Server, don't forget Samba – it's also affected
The rather concerning design flaw in Microsoft's netlogon protocol is being exploited in the wild by miscreants, the Windows giant's security team has warned. The mega-biz today confirmed it is seeing active attacks abusing the CVE-2020-1472 vulnerability, aka ZeroLogon, which can be exploited to bypass authentication and gain domain-level administrator access in corporate networks. The protocol-level hole affects Windows Server and other software that implements MS-NRPC to provide domain contro...
Domain controllers at risk of hijacking, depending on version and configuration
Administrators running Samba as their domain controllers should update their installations as the open-source software suffers from the same ZeroLogon hole as Microsoft's Windows Server. An alert from the project has confirmed that its code, in certain configurations, is also vulnerable to the CVE-2020-1472 bug, which can be exploited to gain domain-level administrator access. The vulnerability lies in the design of Microsoft's Netlogon Remote Protocol (MS-NRPC), which Samba inherited as it supp...
Government sysadmins given weekend to fix ZeroLogon elevation of privilege bug, rest of us given stern warning
Uncle Sam's Cybersecurity and Infrastructure Security Agency (CISA) has taken the unusual step of issuing an emergency directive that gives US government agencies a four-day deadline to roll out a Windows Server patch. The directive, issued on September 18, demanded that executive agencies to take “immediate and emergency action” to patch CVE-2020-1472, the CVSS-perfect-ten-rated flaw that Dutch security outfit Secura BV said allows attackers to instantly become domain admin by subverting Mi...
Please, thanks, good show, cheers, ta
Patch Tuesday Patch Tuesday used to be Microsoft's day to release patches. Now Adobe, Intel, and SAP are routinely joining the fun – with special guest star Red Hat this month. If you've felt overwhelmed by the sheer number of security patches Microsoft has emitted this year, you are not alone. Patch watchers at the Zero Day Initiative said that, including the 120 product security bulletins posted this August, Microsoft is just 11 patches away from surpassing its 2019 full-year total with four...
Critical infrastructure attacks ramping up
The US government has issued an alert about Cuba; not the state but a ransomware gang that's taking millions in purloined profits. The Cuba gang has hit more than 100 organizations worldwide, demanding over $145 million in payments and successfully extorting at least $60 million since August, according to a joint FBI and US Cybersecurity and Infrastructure Security Agency (CISA) advisory. According to the security alert: The FBI first warned about the cybercrime gang in December 2021, and since ...
As America, UK, Canada, Australia and friends share essential bible to detect and thwart infections
Seven nations today issued an alert, plus protection tips, about LockBit, the prolific ransomware-as-a-service gang. The group's affiliates remain a global scourge, costing US victims alone more than $90 million from roughly 1,700 attacks since 2020, we're told. The joint security advisory — issued by the US Cybersecurity and Infrastructure Security Agency (CISA), FBI, Multi-State Information Sharing and Analysis Center (MS-ISAC), and cybersecurity authorities in Australia, Canada, the UK, Ge...
Malware code potentially sold off, tweaked, back at it infecting victims
RansomHub, a newish cyber-crime operation that has claimed to be behind the theft of data from Christie's auction house and others, is "very likely" some kind of rebrand of the Knight ransomware gang, according to threat hunters. Emerging in February, RansomHub has been extremely active: It's bragged about stealing and then somewhat ironically auctioning off Christie's customer data, along with internal info swiped from US broadband telco Frontier Communications – and even Change Healthcare af...